Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

How to Enable and Configure Junos OS in FIPS Mode of Operation

To enable the Junos OS in FIPS mode of operation, perform the following steps:

  1. Zeroize the device before enabling FIPS mode of operation

    user@host> request vmhost zeroize

  2. Enable the FIPS mode on the device.

    user@host# set system fips level 2

  3. Set the root password.

    user@host# set system root-authentication plain-text-password.

    Enter a password.

  4. Remove the CSPs on commit check.

    user@host# commit

  5. After you reboot the device, perform integrity and self-test when the module is operating in FIPS mode.

  6. Configure IKEv2 when AES-GCM is used for encryption of IKE and/or IPSec.
Note: The show configuration security ike and show configuration security ipsec commands display the approved and configured IKE/IPsec configuration for the device operating in FIPS approved mode.

The fips keyword next to the hostname in the output indicates that the module is operating in FIPS mode for Junos Software Release 24.4R1.

Related Documentation